We published a new security notice today for CA Identity Manager. The notice describes a medium risk information disclosure vulnerability that was reported by Jake Miller. A remote attacker can potentially identify the passwords for a locked account by using an exhaustive search. We are not aware of any active exploitation of this vulnerability at the time of this post.
Vulnerability Response Director
CA Product Vulnerability Response Team